Cyber Intelligence Report – June 15, 2014

Brig. Gen. Eitan Eshal, Head of Research and Development at Mapat in the Defense Ministry, warned against the dangers of the growing dependence on cyberspace in daily life. “Every year we expose ourselves more and more to cyber-attacks. All of this creates a situation where everything is connected with everything, and cyberspace becomes a dimension of warfare.” This reality creates new challenges to cyber security. The old cyber defense tools are not enough “to deal with the new situation, security systems go in the direction of intelligence driven security.” Eshal also spoke about the growth of the Israeli cyber industry: “We have a tight cooperation with the industry. When we started we worked with 4 companies; today we are working with more than 30.” Eshal’s words correspond with those of the Minister of Science, Technology and Space, Yaakov Peri, who stated in the next two years his office and the Israel National Cyber Bureau will be investing millions of shekels in cyber security “turning Israel to a leading superpower in that field.

A few days ago, the United States and Australia announced they will strengthen their cooperation on cyber-security issues. According to the White House, it will be an “alliance for the future.” The White House declared: “The United States and Australia are also working to strengthen cooperation on space and cyber issues, including cyber defence and cyber security incident response.” It is not their first cooperation, as the US, UK, Australia, New Zealand, and Canada (which form the “Five Eyes Alliance”) have an international agreement of cooperation in signals intelligence. Additionally, President Barak Obama and the Canadian Prime Minister Abbott met at the White House in order to talk about this new collaboration, in terms cyber-defence. The cyber cooperation intends to strengthen the United States cyber security more so than ever, especially considering that the US is constantly targeted by foreign cyber spying operations.

US authorities accused Russian hacker Evgeny Bogachev in absentia of major computer fraud, money laundering, and stealing millions of dollars from accounts of US citizens. American authorities announced Bogachev, also known to the US cyber security community under the nickname “Lucky12345” and “slavik,” was among the group of hackers who attacked about a million computers in the United States. As the representative of US Department of Justice stated at a press conference, Bogachyov created a bot-net (a network of infected computers) called Gameover Zeus, which since 2007 has been used to steal personal and financial data. US law enforcement authorities have requested assistance from Russia in search and arrest of Bogachyov. Currently in the US, there is a trial of another Russian hacker – Alexander Panin, accused of creating the malware SpyEye, affecting about 1.5 million computers worldwide.

Middle East

Cyber crime second most common form of economic crime in the Middle East

According to a recent PwC 2014 global economic crime survey, cybercrime is the second most common form of economic crime reported in the Middle East, though it is the fourth most common form of economic crime globally. The increase in digital applications and Internet adoption also means more complex security threats. According to the survey, an approximate amount lost due to cybercrime in the Middle East may vary between $1 million and $100 million annually. The countries most affected by cybercrime of financial services (between 2012 and 2013) included the UAE, Oman, and Lebanon.

Iraqi Communication Ministry blocked Facebook, Twitter, and YouTube

As Iraq faces an inner conflict in the north, the country’s Ministry of Communications has blocked access to a number of social media sites. According to Cyber Arabs, an organization based in Lebanon monitoring Internet freedom, confirmed Facebook, YouTube, and Twitter were all blocked in Iraq. Facebook and YouTube’s spokespersons mentioned they received reports of limited access to Internet services. Both confirmed there is no technical issue on their side and are checking into the reports. Many Iraqis have now reported using the social media site Whisper, which is an application allowing users to post anonymous posts (similar in the functionality to Twitter, yet with no trace to the original user).

According to an intelligence report published by CrowdStrike, the Chinese hacker “Putter Panda,” a member of the PLA Hacking Unit61486, is responsible for a range of cyber intelligence operation against the US, UK, and French technology. The report explained the hacker’s strategy included sending emails from familiar addresses by sending fake invitations containing malware, hoping users press on the links and unwittingly give hackers access to their computer systems. The company said the goal of the hacker was “obtaining intellectual property and industrial secrets related to defense technology” with intent to “conduct space surveillance, remote sensing, and interception of satellite communications.” Beside the American accusation, China still denies these operations and is continuing its cyber espionage campaign to catch up in terms of space and technology. China is targeting the US, UK, and France because they are among the most advanced countries in the space industry.

According to security reports by Microsoft, Symantec, and local security company, BKAV, Vietnam is one of the most vulnerable countries regarding cyber security. Seventy-eight percent of government websites reported having poor security, forty percent of websites contain security loopholes (compared to 15% in Europe and 5% in the United States), and some fifty percent of computers infected with malicious code (compared to 40% worldwide). Last year three Vietnamese popular news sites were attacked and paralyzed for three weeks, among over two thousand other sites that have been attacked. In an attempt to improve security and increase the number of cyber security experts, Vietnam’s Ministry of Information and Communication and Vietnam’s Computer Emergency Response Center (VNCERT) signed two Memorandums of Understanding with Microsoft Corporation. Microsoft will assist Vietnam to modernize IT facilities, provide monthly security reports, help develop cloud computing, and train Vietnamese cyber security experts. Additionally, Microsoft will help coordinate computer emergency assistance and inspect security breaches. The Vietnamese effort to improve security may improve its stand against China, which is suspected of holding significant cyber offensive capabilities. Tension between China and other nations over South China Sea rises lately, leading to clashes involving ramming of fishing boats and water cannon fights between Vietnamese and Chinese vessels. Chinese and Vietnamese hackers accompanied the maritime clashes with dozens of website hijackings and denial of services on both sides. In today’s new world of cyber warfare, Vietnam may face a new threat against whom it is poorly prepared to fight.

Europe

UK: The Bank of England in war against cyber crime

The Bank of England is currently setting up a cyber intelligence army including ethical hackers to fight against cybercrimes. This decision was made last year after the Financial Policy Committee decided to improve the security of the financial system against cyber-attacks. Andrew Gracie, the Bank’s Executive Director for Resolution, explained CBEST is a framework including intelligence from government agencies and security companies to evaluate risks to the national financial system. Moreover, Gracie declared, “Unlike physical attacks, which are likely to be localised, the impact of a successful cyber-attack on the financial system as a whole is potentially more serious from a financial stability point of view.” The UK cyber security is in constant evolution, and the cooperation between the government and private companies is becoming stronger every day. England is one of the most advanced countries in Europe for cooperation in the field of cyber security. Moreover, it is also the most advanced country in terms of cyber technology development. They have understood the importance of a close cooperation between private and public sectors to ensure their national security.

Since its return to the integrated military command of NATO, France is increasingly more active in the Atlantic organization. In fact, because of decisions taken last year by the French Ministry of Defence in terms of cyber defense, it is as expected that France would strengthen its international cyber cooperation. Just as the UK and Czech Republic, France is officially joining the center of excellence responsible for NATO cyber defense issues. Greece and Turkey are also joining the alliance. Since 2013, France is engaged in a process of strengthening its national security and placed cyber defense as a priority. The French Ministry of Defense and the National Agency for Information Security Systems are working closely to protect the French cyberspace. Beside its cyber defense policy, France is developing offensive cyber capabilities to counter eventual cyber-attacks.

About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.